agenttesla | 721980aeb971501b3871cc04ece30c372726f46a791d478d03546aabdfa9cd83 | Triage

Sharing

General

Target

721980aeb971501b3871cc04ece30c372726f46a791d478d03546aabdfa9cd83
Size

239KB
Sample

250125-bpzn6ayjbt
MD5

7c15e3de1f8fcc1b3121db1f35d4049e
SHA1

d71dcbbe8f03b0c07368839e2e1936e8dfe19b06
SHA256

721980aeb971501b3871cc04ece30c372726f46a791d478d03546aabdfa9cd83
SHA512

c1b360b1a9e8d1254e6ddc547c6d66b3feab38186396c4dfacad0d7f4736ba57b62b46bfe5332d1904a3b29301e19c176fa38e3818de4ee20de0f71847c11d5e
SSDEEP

3072:8KY2cmYdglGDpIgMI7oOGoUeUp8+yMb7MtwHgo8GhlAbdqiQeGDq+bG/rnv/1:LQ9gkdgkLU8+yElgxiq+O+bAr1

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
162.254.34.31
Port:
587
Username:
[email protected]
Password:
6RLYuUCIH8hN
Email To:
[email protected]

Targets

- Target
  
  721980aeb971501b3871cc04ece30c372726f46a791d478d03546aabdfa9cd83
- Size
  
  239KB
- MD5
  
  7c15e3de1f8fcc1b3121db1f35d4049e
- SHA1
  
  d71dcbbe8f03b0c07368839e2e1936e8dfe19b06
- SHA256
  
  721980aeb971501b3871cc04ece30c372726f46a791d478d03546aabdfa9cd83
- SHA512
  
  c1b360b1a9e8d1254e6ddc547c6d66b3feab38186396c4dfacad0d7f4736ba57b62b46bfe5332d1904a3b29301e19c176fa38e3818de4ee20de0f71847c11d5e
- SSDEEP
  
  3072:8KY2cmYdglGDpIgMI7oOGoUeUp8+yMb7MtwHgo8GhlAbdqiQeGDq+bG/rnv/1:LQ9gkdgkLU8+yElgxiq+O+bAr1
Score

10^/10

discovery agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan